Re: CAPTCHA system in webDNA

This WebDNA talk-list message is from 2005. It keeps the original formatting.
numero = 60818
interpreted = N
texte = Hi Bill,

Your proposed method looks like a good extension of my suggestion, especially the use of a randomly generated password. [cart] creates a value that looks too much like a number sometimes, and this might encourage hackers to run a brute force test on the page that's posted in the email.

I also use a technique similar to the one Dan got from Brian Fries to generate virtually unique values, but I extend it even further by making the number of characters in each generated password value a random number between (for example) 10 and 20 characters. Then the hacker has one additional variable to deal with if he tries a brute force attack.

I also like your idea to disable access to the page after X attempts from the same ip address within a pre-determined time period, because that would even further deter a brute force attack. After all, the valid password is already in the URL, which means the visitor from a specific ip address *should* get the password right on his very first attempt -- but certainly after a handful of failures this page should be 'turned off' for that ip address for an hour or so, and asking the visitor to try again later.

Sincerely,
Kenneth Grome
www.kengrome.com

>-----Original Message-----
>From: Kenneth Grome
>Sent: Thu, 20 Jan 2005 00:12:48 +0800
>To: "WebDNA Talk"
>Subject: Re: CAPTCHA system in webDNA
>
>You're trying to prevent automatic email deletion from an opt-in mailing list?
>
>I wouldn't mess with the system you're suggesting at all. Instead
>when the visitor enters his (or someone else's) email address into
>the email field in your unsubscribe form, I would enter a unique
>value into the 'unsubscribe' field of his database record:
>
>[replace db=subscribers.db&eqemaildatarq=[email]]unsubscribe=[cart][/replace]
>
>.. and then in the same template I would send the visitor an email
>message with a URL that has that same unique value in it, like this:
>
>
>************************************
>"Someone entered your email address into the
>UNSUBSCRIBE page on our web site. If that person
>was you, and if you really want to unsubscribe, just
>click this link and we will unsubscribe you immediately:"
>
>http://domain.com/page.html?out=[cart]
>
>"But if you do NOT want to unsubscribe from our list,
>please just ignore this message, thanks."
>************************************
>
>
>The person who receives this email message may (or may not) click
>that link. If he clicks the link, your webdna code simply deletes
>the only record in the subscribers database that has that unique
>'out' value in the unsubscribe field:
>
>[delete db=subscribers.db&equnsubscribedatarq=[out]]
>
>Simple and efficient, and no images or other non-webdna tricks required.
>
>:)
>
>Sincerely,
>Kenneth Grome
>www.kengrome.com

--
-------------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: CAPTCHA system in webDNA ( Justin Carroll 2005)
  2. Re: CAPTCHA system in webDNA ( Kenneth Grome 2005)
  3. Re: CAPTCHA system in webDNA ( "Dan Strong" 2005)
  4. Re: CAPTCHA system in webDNA ( "Dan Strong" 2005)
  5. Re: CAPTCHA system in webDNA ( devaulw@onebox.com 2005)
  6. Re: CAPTCHA system in webDNA ( Kenneth Grome 2005)
  7. Re: CAPTCHA system in webDNA ( "Dan Strong" 2005)
  8. Re: CAPTCHA system in webDNA ( devaulw@onebox.com 2005)
  9. Re: CAPTCHA system in webDNA ( Kenneth Grome 2005)
  10. Re: CAPTCHA system in webDNA ( "Dan Strong" 2005)
  11. Re: CAPTCHA system in webDNA ( Justin Carroll 2005)
  12. Re: CAPTCHA system in webDNA ( Clint Davis 2005)
  13. Re: CAPTCHA system in webDNA ( Kenneth Grome 2005)
  14. Re: CAPTCHA system in webDNA ( "Dan Strong" 2005)
  15. Re: CAPTCHA system in webDNA ( Justin Carroll 2005)
  16. CAPTCHA system in webDNA ( devaulw@onebox.com 2005)
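
The scheme discussed in the message above (a random value stored against the subscriber, e-mailed as `?out=...`, and a per-IP lockout after repeated failures), sketched in Python as an added example that is not code from the thread. The class name, the in-memory dictionaries standing in for subscribers.db, and the limits of 5 failures per hour are assumptions.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5        # assumed value for the "X attempts" in the message
WINDOW_SECONDS = 3600   # assumed value for the "hour or so" lockout


class UnsubscribeConfirmer:
    """In-memory stand-in for the 'unsubscribe' field of subscribers.db."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # email -> token awaiting confirmation
        self.failures = {}   # ip -> timestamps of recent bad tokens

    def request(self, email):
        # 128 bits from the OS CSPRNG: the strength comes from the entropy
        # of the value, so it never resembles a counter or a short number.
        token = secrets.token_urlsafe(16)
        self.pending[email] = token
        return token         # goes into the e-mailed link as ?out=<token>

    def _recent_failures(self, ip):
        # Keep only failures inside the lockout window.
        cutoff = self.clock() - WINDOW_SECONDS
        recent = [t for t in self.failures.get(ip, []) if t > cutoff]
        self.failures[ip] = recent
        return recent

    def confirm(self, ip, token):
        if len(self._recent_failures(ip)) >= MAX_FAILURES:
            return "locked"  # page is 'turned off' for this address
        for email, expected in list(self.pending.items()):
            # Constant-time comparison of the stored and supplied values.
            if hmac.compare_digest(expected.encode(), token.encode()):
                del self.pending[email]   # single use: the record is removed
                return "unsubscribed"
        self.failures[ip].append(self.clock())
        return "invalid"
```

The lockout check runs before the token lookup, so a locked-out address gets no signal about whether a guess was correct.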
